South Korea fines Meta $15 million for illegally collecting information on Facebook users

South Korea’s privacy watchdog on Tuesday fined social media company Meta 21.6 billion won ($15 million) for illegally collecting sensitive personal information from Facebook users, including data about ir political views and sexual orientation, and sharing it with thousands of advertisers.

It was latest in a series of penalties against Meta by South Korean authorities in recent years as y increase ir scrutiny of how company, which also owns Instagram and WhatsApp, handles private information.

Following a four-year investigation, South Korea’s Personal Information Protection Commission concluded that Meta unlawfully collected sensitive information about around 980,000 Facebook users, including ir religion, political views and wher y were in same-sex unions, from July 2018 to March 2022.

It said company shared data with around 4,000 advertisers.

South Korea’s privacy law provides strict protection for information related to personal beliefs, political views and sexual behavior, and bars companies from processing or using such data without specific consent of person involved.

commission said Meta amassed sensitive information by analyzing ps Facebook users liked or advertisements y clicked on.

company categorized ads to identify users interested in mes such as specific religions, same-sex and trans issues, and issues related to rth Korean escapees, said Lee Eun Jung, a director at commission who led investigation on Meta.

“While Meta collected this sensitive information and used it for individualised services, y made only vague mentions of this use in ir data policy and did t obtain specific consent,” Lee said.

Lee also said Meta put privacy of Facebook users at risk by failing to implement basic security measures such as removing or blocking inactive ps. As a result, hackers were able to use inactive ps to forge identities and request password resets for accounts of or Facebook users. Meta approved se requests without proper verification, which resulted in data breaches affecting at least 10 South Korean Facebook users, Lee said.

In September, European regulators hit Meta with over $100 million in fines for a 2019 security lapse in which user passwords were temporarily exposed in an un-encrypted form.

Meta’s South Korean office said it would “carefully review” commission’s decision, but didn’t immediately provide more comment.

In 2022, commission fined Google and Meta a combined 100 billion won ($72 million) for tracking consumers’ online behavior without ir consent and using ir data for targeted advertisements, in biggest penalties ever imposed in South Korea for privacy law violations.

commission said n that two companies didn’t clearly inform users or obtain ir consent to collect data about m as y used or websites or services outside ir own platforms. It ordered companies to provide an “easy and clear” consent process to give people more control over wher to share information about what y do online.

commission also hit Meta with a 6.7 billion won ($4.8 million) fine in 2020 for providing personal information about its users to third parties without consent.